Do not include auth token in republished URLs

Steps to reproduce

Using Opencast's token based authorization system, users may require a
valid token for accessing resources like videos (this is configurable,
of course, but that would be a common use case). Access without a token
will always be denied in such a case, regardless of the users login
status.

To obtain the token, the search service will include then in search
results for users with valid access as part of the returned URLs. This
means that there is no need for any special handling of search results
if tokens are required in contrast to them not being required.

Unfortunately, this has the side-effect that for re-publication of
metadata, tokens will end up in the published data since they look just
like regular URLs, causing the URLs to become permanently invalid.

Status

Assignee

Lars Kiesow

Reporter

Lars Kiesow

Severity

Data Loss/Corruption

Tags (folksonomy)

None

Components

Affects versions

Priority

Major
Configure